Lack of tools needed to share sensitive information securely, lack of understanding about data security policies and carelessness on part of employees are the major reasons why organisations are unable to prevent the scourge of insider breaches despite upping their cyber security investments.
A new report from Egress has revealed that there is a wide gap in how IT leaders and employees at organisations treat sensitive data, respect their confidentiality, and share them with co-workers and third parties, indicating that a lot of training is required to make employees totally aware of how sensitive data is to be stored and shared with third parties.
IT leaders certain employees are regularly committing insider breaches
As many as 95% of IT leaders at US and UK-based organisations view insider breaches as major concerns, with 60% of them certain of suffering accidental insider breaches in the next 12 months, 46% certain of suffering malicious insider breaches in the same period, and 79% of them certain of the fact that employees at their organisations have put company data at risk accidentally in the last 12 months.
As many as 61% of IT leaders also believe that employees have committed insider breaches in the past twelve months for ulterior motives such as financial gain or harming organisations financially. However, all breaches did not necessarily arise out of malicious behaviour on part of employees.
While 60% of IT leaders said their employees committed insider breaches by making mistakes or while rushing through their tasks, 36% said breaches were caused by a lack of training on the company’s security tools, and 44% said that a general lack of awareness among employees is another reason behind a spate of data breaches.
Even though a majority of IT leaders are quite certain that their employees are committing insider breaches on a regular basis, as many as 92% of employees say they haven’t accidentally broken company data sharing policy in the last 12 months and even if they have done so, they haven't done so intentionally. This indicates that a large majority of employees are not aware of whether they have breached their companies' security policies or not.
While a majority of employees who intentionally shared data against company rules said that they were forced to do so because of a lack of tools needed to share sensitive information securely, 29% of them said they have ownership of the data they have worked on and 23% have admitted taking sensitive company data to their new jobs.
User education, policies and technology have to be combined
"While IT leaders seem to expect employees to put data at risk – they’re not providing the tools and training required to stop the data breach from happening. Technology needs to be part of the solution. By implementing security solutions that are easy to use and work within the daily flow of how data is shared, combined with advanced AI that prevents data from being leaked, IT leaders can move from minimising data breaches to stopping them from happening in the first place," said Tony Pepper, CEO and Co-founder of Egress.
"As the quantity of unstructured data and variety of ways to share it continue to grow exponentially, the number of insider breaches will keep rising unless the gulf between IT leaders and employee perceptions of data protection is closed. Employees don’t understand what constitutes acceptable behaviour around data sharing and are not confident that they have the tools to work effectively with sensitive information.
"The results of this research show that reducing the risk of insider breaches requires a multi-faceted approach combining user education, policies and technology to support users to work safely and responsibly with company data," he added.